Steps to Reproduce
- In the self-service portal, open the Something Broken record producer.
- Right-click the Open on behalf of this user field label and select Configure variable.
- Insert HTML into the Help text field (for example: <span style="color: red;">TEST</span>).
- Go back to the Something Broken item in the self-service portal.
- Open the help text for the Open on behalf of this user field.
Note that the content does not render as HTML.
This problem is under investigation and will be fixed in a future release.
Since the release versions listed in the fix target of this problem, Help Text and Help Tag will allow html content to be rendered in Shopping Cart, RITM, and SC Task. However, this is guided by the property glide.ui.escape_text. This property renders the html content only when set to false (not recommended), otherwise it treats the html just as plain text. This is how the labels also behave, and is by design to handle XSS vulnerability, so this problem makes Service Catalog Help Text and Help Tag compliant with the platform labels.
ServiceNow never recommends placing HTML in Help Text and Help Tag, because it can cause XSS vulnerability, so the ownership of such code always lies with the customer.
Related Problem: PRB663858